Search criteria
30 vulnerabilities found for total_security by kaspersky
FKIE_CVE-2022-27534
Vulnerability from fkie_nvd - Published: 2022-04-01 23:15 - Updated: 2024-11-21 06:55
Severity ?
Summary
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | endpoint_security | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAFD804-D268-40E2-9EAE-FAC4B370985A",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54AFE429-3D4B-49D4-AC0D-FEDEB99A9187",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72568879-E182-46DC-99D1-FFF4C133FB3F",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "247E7C3E-89E3-46D4-A12E-4DC322A057AE",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D6EC78-AD45-4FE8-AEB3-48C76A394925",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53C7C9C-8A52-4F39-AB0D-D906B5936D86",
"versionEndExcluding": "12.03.2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
},
{
"lang": "es",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases lanzados antes del 12 de marzo de 2022, ten\u00edan un error en un m\u00f3dulo de an\u00e1lisis de datos que potencialmente permit\u00eda a un atacante ejecutar c\u00f3digo arbitrario. La correcci\u00f3n fue realizada de forma autom\u00e1tica. Cr\u00e9ditos: Georgy Zaytsev (Positive Technologies)"
}
],
"id": "CVE-2022-27534",
"lastModified": "2024-11-21T06:55:53.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:14.747",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27223
Vulnerability from fkie_nvd - Published: 2022-04-01 23:15 - Updated: 2024-11-21 05:57
Severity ?
Summary
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | endpoint_security | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E82B17A3-41AD-4249-9BA8-12876758C110",
"versionEndExcluding": "2021-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:endpoint_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F70BBDF-9AC9-4C15-97CC-F3E76F6B8677",
"versionEndExcluding": "2021-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F359BF0-0E71-4BCA-B2AD-E6AC1448733F",
"versionEndExcluding": "2021-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C16D752-1F39-41D2-A6C8-C910E1374C9D",
"versionEndExcluding": "2021-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D69EA2F-06FE-401F-A77E-74FFAD37D4F8",
"versionEndExcluding": "2021-06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C34230-04C2-474B-96F0-003783420C61",
"versionEndExcluding": "2021-06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
},
{
"lang": "es",
"value": "Se presentaba un problema de denegaci\u00f3n de servicio en uno de los m\u00f3dulos incorporados en los productos Kaspersky Anti-Virus for home y Kaspersky Endpoint Security. Un usuario local pod\u00eda causar el bloqueo de Windows al ejecutar un m\u00f3dulo binario especialmente dise\u00f1ado. La correcci\u00f3n fue realizada de forma autom\u00e1tica. Cr\u00e9ditos: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
],
"id": "CVE-2021-27223",
"lastModified": "2024-11-21T05:57:37.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:09.163",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15689
Vulnerability from fkie_nvd - Published: 2019-12-02 21:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | kaspersky_internet_security | 2019 | |
| kaspersky | kaspersky_internet_security | 2019 | |
| kaspersky | kaspersky_internet_security | 2019 | |
| kaspersky | kaspersky_internet_security | 2019 | |
| kaspersky | secure_connection | 3.0 | |
| kaspersky | secure_connection | 4.0 | |
| kaspersky | security_cloud | 2019 | |
| kaspersky | security_cloud | 2019 | |
| kaspersky | security_cloud | 2019 | |
| kaspersky | security_cloud | 2020 | |
| kaspersky | total_security | 2019 | |
| kaspersky | total_security | 2019 | |
| kaspersky | total_security | 2019 | |
| kaspersky | total_security | 2019 | |
| kaspersky | total_security | 2020 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "1C079E9B-80C8-4953-B40E-83971CD43A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_f:*:*:*:*:*:*",
"matchCriteriaId": "874B5413-7471-4B13-ACD4-6338D55E663F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_i:*:*:*:*:*:*",
"matchCriteriaId": "B5774F5A-D570-45FB-AA39-5DB9EB53CEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_internet_security:2019:patch_j:*:*:*:*:*:*",
"matchCriteriaId": "83F454F9-607E-41B4-8FF0-2C42F4D53343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:secure_connection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B014E16-0F9F-4C3D-A9E3-200E09D88C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:secure_connection:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A06339D-2176-4F23-B458-68D44F1A5F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "00FFDD70-CB8F-47ED-B8E8-D0CCA55E98DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:2019:patch_i:*:*:*:*:*:*",
"matchCriteriaId": "D338597D-23EA-44D6-8B17-9871530702CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:2019:patch_j:*:*:*:*:*:*",
"matchCriteriaId": "525A49A3-0262-4B70-8C31-9EBDC7CCCBD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "09AB668A-EE74-42B5-A302-45C6274A78F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "499BDE03-433A-4151-A38E-DAECA64D8648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:2019:patch_f:*:*:*:*:*:*",
"matchCriteriaId": "2B132D5E-B498-48E3-A994-F94ABDC8172D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:2019:patch_i:*:*:*:*:*:*",
"matchCriteriaId": "9975E755-D976-41BC-88C6-751B275CCDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:2019:patch_j:*:*:*:*:*:*",
"matchCriteriaId": "CD24AD6C-B8C4-4C3A-80E4-01C4CB67C26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1929ED-827B-456A-B66C-D5BE704C8AE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
},
{
"lang": "es",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud versiones anteriores a 2020 parche E, presentan un error que permite a un usuario local ejecutar c\u00f3digo arbitrario por medio de un archivo de ejecuci\u00f3n comprometido colocado por parte de un atacante con derechos de administrador. Sin escalada de privilegios. Una posible lista blanca omite algunos de los productos de seguridad"
}
],
"id": "CVE-2019-15689",
"lastModified": "2024-11-21T04:29:15.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-02T21:15:16.733",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
},
{
"source": "nvd@nist.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Potential-Abuses-CVE-2019-15689"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://www.symantec.com/security-center/vulnerabilities/writeup/111033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15686
Vulnerability from fkie_nvd - Published: 2019-11-26 16:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | anti-virus | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8765E8CA-25D7-45C4-A2B6-3E1CAB48D4BC",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:free:*:*:*",
"matchCriteriaId": "EE131770-352E-4D9A-BE68-AA02736FBC8A",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09282512-31CB-4248-B57A-9CC77ED62642",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03CD0D9A-0787-4123-821D-89FB247FE002",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11ACD5-3CFA-45EB-8505-D686EBB1E5FC",
"versionEndIncluding": "7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1EF32C-3E9E-4CC6-90E0-D992FDEE984A",
"versionEndIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
},
{
"lang": "es",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permiti\u00f3 a un atacante deshabilitar remotamente varias funcionalidades de protecci\u00f3n antivirus. Denegaci\u00f3n de Servicio, Omisi\u00f3n."
}
],
"id": "CVE-2019-15686",
"lastModified": "2024-11-21T04:29:15.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T16:15:12.103",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15685
Vulnerability from fkie_nvd - Published: 2019-11-26 16:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | anti-virus | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8765E8CA-25D7-45C4-A2B6-3E1CAB48D4BC",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:free:*:*:*",
"matchCriteriaId": "EE131770-352E-4D9A-BE68-AA02736FBC8A",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09282512-31CB-4248-B57A-9CC77ED62642",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03CD0D9A-0787-4123-821D-89FB247FE002",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11ACD5-3CFA-45EB-8505-D686EBB1E5FC",
"versionEndIncluding": "7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1EF32C-3E9E-4CC6-90E0-D992FDEE984A",
"versionEndIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
},
{
"lang": "es",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permiti\u00f3 a un atacante deshabilitar remotamente las funcionalidades de seguridad del producto tales como navegaci\u00f3n privada y anti-banner. Omisi\u00f3n."
}
],
"id": "CVE-2019-15685",
"lastModified": "2024-11-21T04:29:15.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T16:15:12.057",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15687
Vulnerability from fkie_nvd - Published: 2019-11-26 16:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | anti-virus | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8765E8CA-25D7-45C4-A2B6-3E1CAB48D4BC",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:free:*:*:*",
"matchCriteriaId": "EE131770-352E-4D9A-BE68-AA02736FBC8A",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09282512-31CB-4248-B57A-9CC77ED62642",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03CD0D9A-0787-4123-821D-89FB247FE002",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11ACD5-3CFA-45EB-8505-D686EBB1E5FC",
"versionEndIncluding": "7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1EF32C-3E9E-4CC6-90E0-D992FDEE984A",
"versionEndIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
},
{
"lang": "es",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection era vulnerable a una divulgaci\u00f3n remota de diversa informaci\u00f3n sobre el sistema del usuario (como versi\u00f3n de Window y versi\u00f3n del producto, ID \u00fanico del host). Divulgaci\u00f3n de Informaci\u00f3n."
}
],
"id": "CVE-2019-15687",
"lastModified": "2024-11-21T04:29:15.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T16:15:12.180",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15688
Vulnerability from fkie_nvd - Published: 2019-11-26 16:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | anti-virus | * | |
| kaspersky | internet_security | * | |
| kaspersky | security_cloud | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8765E8CA-25D7-45C4-A2B6-3E1CAB48D4BC",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:free:*:*:*",
"matchCriteriaId": "EE131770-352E-4D9A-BE68-AA02736FBC8A",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09282512-31CB-4248-B57A-9CC77ED62642",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03CD0D9A-0787-4123-821D-89FB247FE002",
"versionEndIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B11ACD5-3CFA-45EB-8505-D686EBB1E5FC",
"versionEndIncluding": "7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1EF32C-3E9E-4CC6-90E0-D992FDEE984A",
"versionEndIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
},
{
"lang": "es",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no inform\u00f3 adecuadamente al usuario sobre la amenaza de redireccionar a un sitio no seguro . Omisi\u00f3n."
}
],
"id": "CVE-2019-15688",
"lastModified": "2024-11-21T04:29:15.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T16:15:12.243",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-8286
Vulnerability from fkie_nvd - Published: 2019-07-18 19:15 - Updated: 2024-11-21 04:49
Severity ?
Summary
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6
References
| URL | Tags | ||
|---|---|---|---|
| vulnerability@kaspersky.com | http://www.securityfocus.com/bid/109300 | Third Party Advisory, VDB Entry | |
| vulnerability@kaspersky.com | https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109300 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | * | |
| kaspersky | free_anti-virus | * | |
| kaspersky | internet_security | * | |
| kaspersky | small_office_security | * | |
| kaspersky | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809717AB-2B60-4242-90CB-AADA2DD4910A",
"versionEndIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:free_anti-virus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2122730F-0290-4649-A74B-88557E4BB960",
"versionEndIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AACC2371-3664-457F-9877-73B25D6300FA",
"versionEndIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:small_office_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "466D54D7-44EE-4085-9314-F369B58575F0",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F25C6C41-32B9-4263-8003-FAFAA542926B",
"versionEndIncluding": "2019",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
},
{
"lang": "es",
"value": "La divulgaci\u00f3n de informaci\u00f3n en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podr\u00edan revelar una identificaci\u00f3n de producto \u00fanica al obligar a la v\u00edctima a visitar una p\u00e1gina web especialmente dise\u00f1ada (por ejemplo, haciendo clic en el enlace de phishing). La vulnerabilidad tiene CVSS v3.0 puntuaci\u00f3n base 2.6"
}
],
"id": "CVE-2019-8286",
"lastModified": "2024-11-21T04:49:38.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-18T19:15:11.677",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109300"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4329
Vulnerability from fkie_nvd - Published: 2017-01-06 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.securityfocus.com/bid/92771 | ||
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0175/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| nvd@nist.gov | http://www.securityfocus.com/bid/92771/info | Third Party Advisory, VDB Entry | |
| nvd@nist.gov | https://support.kaspersky.com/vulnerability.aspx?el=12430#010916 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92771 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0175/ | Exploit, Technical Description, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | anti-virus | 16.0.0.614 | |
| kaspersky | internet_security | 16.0.0.614 | |
| kaspersky | total_security | 16.0.0.614 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:anti-virus:16.0.0.614:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE75262-7289-48D5-B4B0-F701636DCA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:internet_security:16.0.0.614:*:*:*:*:*:*:*",
"matchCriteriaId": "8771D20C-F4CB-4AEF-8E6E-EC238738ACC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:total_security:16.0.0.614:*:*:*:*:*:*:*",
"matchCriteriaId": "A99E7F48-91A2-4121-B7B6-E5D3B67A520B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad local de denegaci\u00f3n de servicio en la funcionalidad de manejo de mensajes de difusi\u00f3n de ventanas del software Kaspersky Anti-Virus. Enviando ciertos mensajes de ventana no manipulados, un atacante puede provocar la terminaci\u00f3n de la aplicaci\u00f3n y en el mismo sentido eludir el mecanismo KAV de autoprotecci\u00f3n."
}
],
"id": "CVE-2016-4329",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:01.570",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92771"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92771/info"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#010916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4306
Vulnerability from fkie_nvd - Published: 2017-01-06 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.securitytracker.com/id/1036702 | ||
| cret@cert.org | http://www.securitytracker.com/id/1036703 | ||
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0168/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| nvd@nist.gov | http://securitytracker.com/id/1036702 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036702 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036703 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0168/ | Exploit, Technical Description, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | total_security | 16.0.0.614 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:total_security:16.0.0.614:*:*:*:*:*:*:*",
"matchCriteriaId": "A99E7F48-91A2-4121-B7B6-E5D3B67A520B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existen m\u00faltiples fugas de informaci\u00f3n en varios manejadores IOCTL del controlador de Kaspersky Internet Security KLDISK. Peticiones IOCTL especialmente manipuladas pueden provocar que el controlador devuelva memoria del kernel fuera de l\u00edmites, filtrando potencialmente informaci\u00f3n sensible como tokens privilegiados o direcciones de memoria kernel que podr\u00edan ser \u00fatiles en la elusi\u00f3n de mitigaciones del kernel. Un usuario no privilegiado puede ejecutar un programa desde el modo de usuario para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2016-4306",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:01.447",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1036702"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1036703"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id/1036702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27534 (GCVE-0-2022-27534)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before 12.03.2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before 12.03.2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before 12.03.2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27534",
"datePublished": "2022-04-01T22:17:49",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27223 (GCVE-0-2021-27223)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 20:40
VLAI?
Summary
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
Severity ?
No CVSS data available.
CWE
- Denial-of-Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before June 2021
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before June 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:48",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-27223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before June 2021"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-27223",
"datePublished": "2022-04-01T22:17:48",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15689 (GCVE-0-2019-15689)
Vulnerability from cvelistv5 – Published: 2019-12-02 20:43 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud |
Affected:
prior to version 2020 patch E
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "prior to version 2020 patch E"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T20:43:52",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "prior to version 2020 patch E"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15689",
"datePublished": "2019-12-02T20:43:52",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15687 (GCVE-0-2019-15687)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:45 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:45:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15687",
"datePublished": "2019-11-26T15:45:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15686 (GCVE-0-2019-15686)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.
Severity ?
No CVSS data available.
CWE
- DoS, Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS, Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS, Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15686",
"datePublished": "2019-11-26T15:44:49",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15685 (GCVE-0-2019-15685)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:19",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15685",
"datePublished": "2019-11-26T15:44:19",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15688 (GCVE-0-2019-15688)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:32 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:32:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15688",
"datePublished": "2019-11-26T15:32:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8286 (GCVE-0-2019-8286)
Vulnerability from cvelistv5 – Published: 2019-07-18 18:34 – Updated: 2024-08-04 21:17
VLAI?
Summary
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security |
Affected:
up to 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2019"
}
]
}
],
"datePublic": "2019-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T06:06:03",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
"version": {
"version_data": [
{
"version_value": "up to 2019"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8286",
"datePublished": "2019-07-18T18:34:15",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4329 (GCVE-0-2016-4329)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Total Security |
Affected:
16.0.0.614
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92771"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "16.0.0.614"
}
]
}
],
"datePublic": "2016-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "92771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92771"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Security",
"version": {
"version_data": [
{
"version_value": "16.0.0.614"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92771"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0175/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4329",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4306 (GCVE-0-2016-4306)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Total Security |
Affected:
16.0.0.614
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036702"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "16.0.0.614"
}
]
}
],
"datePublic": "2016-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1036702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036702"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Security",
"version": {
"version_data": [
{
"version_value": "16.0.0.614"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036702"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0168/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4306",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27534 (GCVE-0-2022-27534)
Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before 12.03.2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before 12.03.2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before 12.03.2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27534",
"datePublished": "2022-04-01T22:17:49",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27223 (GCVE-0-2021-27223)
Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-08-03 20:40
VLAI?
Summary
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
Severity ?
No CVSS data available.
CWE
- Denial-of-Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before June 2021
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before June 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:48",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-27223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before June 2021"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-27223",
"datePublished": "2022-04-01T22:17:48",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15689 (GCVE-0-2019-15689)
Vulnerability from nvd – Published: 2019-12-02 20:43 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud |
Affected:
prior to version 2020 patch E
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "prior to version 2020 patch E"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T20:43:52",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "prior to version 2020 patch E"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15689",
"datePublished": "2019-12-02T20:43:52",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15687 (GCVE-0-2019-15687)
Vulnerability from nvd – Published: 2019-11-26 15:45 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:45:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15687",
"datePublished": "2019-11-26T15:45:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15686 (GCVE-0-2019-15686)
Vulnerability from nvd – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.
Severity ?
No CVSS data available.
CWE
- DoS, Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS, Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS, Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15686",
"datePublished": "2019-11-26T15:44:49",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15685 (GCVE-0-2019-15685)
Vulnerability from nvd – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:19",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15685",
"datePublished": "2019-11-26T15:44:19",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15688 (GCVE-0-2019-15688)
Vulnerability from nvd – Published: 2019-11-26 15:32 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:32:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15688",
"datePublished": "2019-11-26T15:32:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8286 (GCVE-0-2019-8286)
Vulnerability from nvd – Published: 2019-07-18 18:34 – Updated: 2024-08-04 21:17
VLAI?
Summary
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security |
Affected:
up to 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2019"
}
]
}
],
"datePublic": "2019-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T06:06:03",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security",
"version": {
"version_data": [
{
"version_value": "up to 2019"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719"
},
{
"name": "109300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8286",
"datePublished": "2019-07-18T18:34:15",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4329 (GCVE-0-2016-4329)
Vulnerability from nvd – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Total Security |
Affected:
16.0.0.614
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92771"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "16.0.0.614"
}
]
}
],
"datePublic": "2016-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "92771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92771"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Security",
"version": {
"version_data": [
{
"version_value": "16.0.0.614"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92771"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0175/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0175/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4329",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4306 (GCVE-0-2016-4306)
Vulnerability from nvd – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Total Security |
Affected:
16.0.0.614
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036702"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "16.0.0.614"
}
]
}
],
"datePublic": "2016-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1036702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036702"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Security",
"version": {
"version_data": [
{
"version_value": "16.0.0.614"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036702"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0168/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0168/"
},
{
"name": "1036703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4306",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}